What are the potential security risks associated with not escaping user input in PHP?

Not escaping user input in PHP can lead to SQL injection attacks, cross-site scripting (XSS) attacks, and other security vulnerabilities. To mitigate these risks, always sanitize and escape user input before using it in your PHP code.

$user_input = $_POST['user_input'];
$escaped_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
// Now use $escaped_input in your PHP code